quiche: add fake implemention of QuicProofSource and QuicProofVerifier#7328
quiche: add fake implemention of QuicProofSource and QuicProofVerifier#7328mattklein123 merged 20 commits intoenvoyproxy:masterfrom
Conversation
Signed-off-by: Dan Zhang <danzh@google.com>
Signed-off-by: Dan Zhang <danzh@google.com>
This reverts commit 9914fb4. Signed-off-by: Dan Zhang <danzh@google.com>
Signed-off-by: Dan Zhang <danzh@google.com>
Signed-off-by: Dan Zhang <danzh@google.com>
Signed-off-by: Dan Zhang <danzh@google.com>
Signed-off-by: Dan Zhang <danzh@google.com>
Signed-off-by: Dan Zhang <danzh@google.com>
|
/assign @wu-bin @alyssawilk |
Signed-off-by: Dan Zhang <danzh@google.com>
Signed-off-by: Dan Zhang <danzh@google.com>
|
/retest |
|
🔨 rebuilding |
wu-bin
left a comment
There was a problem hiding this comment.
Thanks Dan. LGTM modulo some nits.
| namespace Quic { | ||
|
|
||
| // A dummy implementation of quic::ProofSource which returns a dummy cert and | ||
| // a fake signature for given QUIC server config. |
There was a problem hiding this comment.
nit: for a given QUIC server config.
| std::unique_ptr<quic::ProofVerifierCallback> callback) override { | ||
| if (VerifyCertChain(hostname, certs, "", cert_sct, context, error_details, details, | ||
| std::move(callback)) == quic::QUIC_SUCCESS && | ||
| signature == absl::StrCat("Dummy signature for { ", server_config, " }")) { |
There was a problem hiding this comment.
Can we put the StrCat call into a function, and use it from here and EnvoyQuicFakeProofSource::ComputeTlsSignature?
There was a problem hiding this comment.
I thought about this, but ideally ProofSource and ProofVerifier shouldn't depends on each other and it's not worth to add another library for helper function used by fake implementations.
| const quic::ProofVerifyContext* /*context*/, std::string* /*error_details*/, | ||
| std::unique_ptr<quic::ProofVerifyDetails>* /*details*/, | ||
| std::unique_ptr<quic::ProofVerifierCallback> /*callback*/) override { | ||
| std::string cert = absl::StrCat("Dummy cert from ", hostname); |
There was a problem hiding this comment.
Similar to above, put "Dummy cert from {}" and "Dummy timestamp" into functions, use them from here and EnvoyQuicFakeProofSource.
| namespace Envoy { | ||
| namespace Quic { | ||
|
|
||
| // A dummy implementation of quic::ProofVerifier which approves the certs and |
There was a problem hiding this comment.
nit: For consistency, how about replace all mentions of "dummy" to "fake", in fake_proof_verifier and fake_proof_source?
tools/spelling_dictionary.txt
Outdated
| canonicalizer | ||
| cardinality | ||
| casted | ||
| chlo |
There was a problem hiding this comment.
nit: This is not needed, see the beginning of this file. Adding "CHLO" will also accept "chlo" or "Chlo".
| std::vector<std::string> expected_certs_; | ||
| }; | ||
|
|
||
| class EnvoyQuicProofSourceTest : public ::testing::Test { |
There was a problem hiding this comment.
nit: How about EnvoyQuicFakeProofSourceTest?
| TEST_F(EnvoyQuicProofSourceTest, TestGetProof) { | ||
| auto callback = std::make_unique<TestGetProofCallback>(expected_signature_, "Dummy timestamp", | ||
| expected_certs_); | ||
| proof_source_.GetProof(server_address_, hostname_, server_config_, version_, chlo_hash_, |
There was a problem hiding this comment.
Can we also check that "callback" is actually executed by GetProof?
Signed-off-by: Dan Zhang <danzh@google.com>
|
/retest |
|
🔨 rebuilding |
bazel/external/quiche.BUILD
Outdated
| ) | ||
|
|
||
| envoy_cc_library( | ||
| name = "quic_core_crypto_proof_source_interface", |
There was a problem hiding this comment.
nit: Please keep the libraries name in sync with their internal names. Same for quic_core_crypto_proof_verifier_interface.
There was a problem hiding this comment.
Switched to quic_core_crypto_crypto_handshake_lib after sync'ing #7340.
Signed-off-by: Dan Zhang <danzh@google.com>
Signed-off-by: Dan Zhang <danzh@google.com>
Signed-off-by: Dan Zhang <danzh@google.com>
Signed-off-by: Dan Zhang <danzh@google.com>
Signed-off-by: Dan Zhang <danzh@google.com>
Signed-off-by: Dan Zhang <danzh@google.com>
Signed-off-by: Dan Zhang <danzh@google.com>
|
compile_time_options ci fixed by disabling all quic related tests via tag |
wu-bin
left a comment
There was a problem hiding this comment.
Thanks Dan. This looks good to me, but I'm not familiar with ssl, can you get a second eye on the "nofips" filtering?
|
/assign @mattklein123 @htuch |
Signed-off-by: Dan Zhang <danzh@google.com>
mattklein123
left a comment
There was a problem hiding this comment.
LGTM from a skim with a question. Thank you!
/wait-any
| # Building all the dependencies from scratch to link them against libc++. | ||
| echo "Building..." | ||
| bazel build ${BAZEL_BUILD_OPTIONS} ${COMPILE_TIME_OPTIONS} -c dbg //source/exe:envoy-static | ||
| bazel build ${BAZEL_BUILD_OPTIONS} ${COMPILE_TIME_OPTIONS} -c dbg //source/exe:envoy-static --build_tag_filters=-nofips |
There was a problem hiding this comment.
Sorry what is the TLDR on all the nofips changes?
There was a problem hiding this comment.
QUIC relies on some boringssl hooks that aren't in the (current) fips boringssl release.
I suggested to Dan that we just opt QUIC out of the FIPS build because of that. I didn't realize that our debug build used the fips boringssl build though :-/
There was a problem hiding this comment.
I think this is the "compile time options" build.
What is preventing us from just building/testing QUIC in the normal build at this point?
There was a problem hiding this comment.
I just documented the issue in #7433, but basically is what Alyssa explained.
nofip tag is only excluded from compile-time-options build. And in normal build we can still run and test QUIC integration code.
There was a problem hiding this comment.
OK. Are we building QUIC in the normal release build now though? Or is it only compile time options?
There was a problem hiding this comment.
Yes, we build and test QUIC in all CI's except for compile-time-options.
This pair will be replaced by actual EnvoyQuicProofSource/Verifier. Before that, we use faked ones to integrate with quiche code.
Update quiche tarball to commit 8f3a576515ada564d3e2b560220649f49a21dec1
Risk Level: low, temporary use, not to be used in production
Testing: added new tests for the faked behavior. Since boringssl QUIC interface is not present in FIPS yet, quic targets are disabled in compile_option_ci using
nofipstag.Part of #2557